author | lloyd <[email protected]> | 2010-02-14 05:42:50 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-02-14 05:42:50 +0000 |
commit | 508ccf7deb5ae8acb05d3514067bf3d0cc504a62 (patch) | |
tree | 56c0002503c01af255193aca762415875775170d | |
parent | 1e596a25e32c3106b3d6e2aceb64a270a8b30713 (diff) |
Various minor SSL fixes
-rw-r--r-- | doc/examples/tls_client.cpp | 14 | ||||
-rw-r--r-- | doc/examples/tls_server.cpp | 2 | ||||
-rw-r--r-- | src/ssl/cert_ver.cpp | 2 | ||||
-rw-r--r-- | src/ssl/hello.cpp | 2 | ||||
-rw-r--r-- | src/ssl/rec_read.cpp | 6 | ||||
-rw-r--r-- | src/ssl/rec_wri.cpp | 1 | ||||
-rw-r--r-- | src/ssl/tls_alerts.h | 2 | ||||
-rw-r--r-- | src/ssl/tls_client.cpp | 21 | ||||
-rw-r--r-- | src/ssl/tls_exceptn.h | 32 | ||||
-rw-r--r-- | src/ssl/tls_messages.h | 2 | ||||
-rw-r--r-- | src/ssl/tls_policy.h | 2 | ||||
-rw-r--r-- | src/ssl/tls_record.h | 2 | ||||
-rw-r--r-- | src/ssl/tls_server.cpp | 7 | ||||
-rw-r--r-- | src/ssl/tls_session_key.h | 2 | ||||
-rw-r--r-- | src/ssl/tls_suites.cpp | 3 |
15 files changed, 48 insertions, 52 deletions
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index 20fde6354..9e6b510f2 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -21,27 +21,23 @@ int main() { LibraryInitializer init; - Unix_Socket sock("randombit.net", 443); + Unix_Socket sock("www.randombit.net", 443); std::auto_ptr<Botan::RandomNumberGenerator> rng( Botan::RandomNumberGenerator::make_rng()); TLS_Client tls(*rng, sock); - printf("Connection open\n"); + std::string http_command = "GET /bitbashing\r\n"; + tls.write((const byte*)http_command.c_str(), http_command.length()); while(true) { if(tls.is_closed()) break; - std::string str; - std::getline(std::cin, str); - str += "\n"; - tls.write((const byte*)str.c_str(), str.length()); - - byte buf[4096] = { 0 }; - tls.read(buf, sizeof(buf)); + byte buf[16+1] = { 0 }; + u32bit got = tls.read(buf, sizeof(buf)-1); printf("%s", buf); fflush(0); } diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp index d5cb77a84..72212de0f 100644 --- a/doc/examples/tls_server.cpp +++ b/doc/examples/tls_server.cpp @@ -37,7 +37,7 @@ int main() X509_Certificate cert = X509::create_self_signed_cert(options, key, "SHA-1", *rng); - Unix_Server_Socket listener(4433); + Unix_Server_Socket listener(4434); printf("Now listening...\n"); diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp index 3ea6db685..c75a96c4c 100644 --- a/src/ssl/cert_ver.cpp +++ b/src/ssl/cert_ver.cpp @@ -7,9 +7,9 @@ #include <botan/tls_messages.h> #include <botan/look_pk.h> -#include <botan/loadstor.h> #include <botan/rsa.h> #include <botan/dsa.h> +#include <botan/loadstor.h> #include <memory> namespace Botan { diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index ba30ec5f7..4f7676bb3 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -6,9 +6,7 @@ */ #include <botan/tls_messages.h> -#include <botan/tls_exceptn.h> #include <botan/loadstor.h> -#include <botan/exceptn.h> namespace Botan { 
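Review bot: In the doc/examples/tls_client.cpp hunk the new `u32bit got = tls.read(buf, sizeof(buf)-1);` captures the byte count and then never uses it; the following `printf("%s", buf)` prints up to the first NUL instead, so a record containing a zero byte is silently truncated and correct output depends on the `+1` slot staying zero. Using the count is simpler and exact: replace the printf with `fwrite(buf, 1, got, stdout);`, after which the extra terminator byte and the `= { 0 }` initialiser are no longer needed. The `main` body continues past the hunk, so what happens after a zero-length read is not visible here.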
diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index f6cedb2b7..c881119cd 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp @@ -6,9 +6,9 @@ */ #include <botan/tls_record.h> -#include <botan/tls_exceptn.h> -#include <botan/loadstor.h> #include <botan/lookup.h> +#include <botan/loadstor.h> +#include <botan/internal/debug.h> namespace Botan { @@ -191,7 +191,7 @@ SecureVector<byte> Record_Reader::get_record(byte& msg_type) mac.write(plaintext, plain_length); mac.end_msg(); - seq_no++; + ++seq_no; SecureVector<byte> computed_mac = mac.read_all(Pipe::LAST_MESSAGE); diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index e48c9c571..4345241ee 100644 --- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -6,7 +6,6 @@ */ #include <botan/tls_record.h> -#include <botan/tls_exceptn.h> #include <botan/handshake_hash.h> #include <botan/lookup.h> #include <botan/loadstor.h> diff --git a/src/ssl/tls_alerts.h b/src/ssl/tls_alerts.h index 9051e052f..8bc112761 100644 --- a/src/ssl/tls_alerts.h +++ b/src/ssl/tls_alerts.h @@ -8,7 +8,7 @@ #ifndef BOTAN_ALERT_H__ #define BOTAN_ALERT_H__ -#include <botan/exceptn.h> +#include <botan/tls_exceptn.h> namespace Botan { diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp index e4dc90761..9302311c9 100644 --- a/src/ssl/tls_client.cpp +++ b/src/ssl/tls_client.cpp @@ -8,13 +8,10 @@ #include <botan/tls_client.h> #include <botan/tls_alerts.h> #include <botan/tls_state.h> -#include <botan/tls_exceptn.h> - #include <botan/loadstor.h> - #include <botan/rsa.h> -#include <botan/dh.h> #include <botan/dsa.h> +#include <botan/dh.h> namespace Botan { 
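Review bot: The first rec_read.cpp hunk adds `#include <botan/internal/debug.h>` but nothing in this file's visible hunks uses it and the commit message does not mention debugging. If it was added for temporary tracing of the record layer it should be removed before release — the second hunk shows this code handling decrypted record plaintext and the computed MAC, so any debug print left behind would put that material into logs; if the include is intentional, a one-line comment saying what it is for would help the next reader. The `++seq_no` change in the second hunk is fine; `Record_Reader::get_record` starts and ends outside that hunk.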
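Review bot: tls_client.cpp drops `#include <botan/tls_exceptn.h>` in this hunk while process_handshake_msg and do_handshake still throw TLS_Exception (see the later hunks of this file); the name now resolves only because tls_alerts.h, also changed in this commit, starts including tls_exceptn.h. tls_server.cpp has the same indirect dependency — its direct include is replaced by tls_state.h although choose_version throws TLS_Exception — and hello.cpp, rec_read.cpp and rec_wri.cpp drop the include too, though whether those three still use the type is not visible in their hunks. Keeping `#include <botan/tls_exceptn.h>` in every translation unit that throws the type avoids a build break the next time tls_alerts.h is reorganised.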
@@ -383,17 +380,17 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, ) ) throw TLS_Exception(HANDSHAKE_FAILURE, - "Server reply w/ bad ciphersuite"); + "TLS_Client: Server replied with bad ciphersuite"); state->version = state->server_hello->version(); if(state->version > state->client_hello->version()) throw TLS_Exception(HANDSHAKE_FAILURE, - "Server replied with bad version"); + "TLS_Client: Server replied with bad version"); if(state->version < policy->min_version()) throw TLS_Exception(PROTOCOL_VERSION, - "Server is too old for specified policy"); + "TLS_Client: Server is too old for specified policy"); writer.set_version(state->version); reader.set_version(state->version); @@ -412,11 +409,11 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, peer_certs = state->server_certs->cert_chain(); if(peer_certs.size() == 0) throw TLS_Exception(HANDSHAKE_FAILURE, - "No certificates sent by server"); + "TLS_Client: No certificates sent by server"); if(!policy->check_cert(peer_certs, peer_id)) throw TLS_Exception(BAD_CERTIFICATE, - "Server certificate is not valid"); + "TLS_Client: Server certificate is not valid"); state->kex_pub = peer_certs[0].subject_public_key(); @@ -470,7 +467,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, state->client_hello->random(), state->server_hello->random())) throw TLS_Exception(DECRYPT_ERROR, - "Bad signature on server key exchange"); + "Bad signature on server key exchange"); } } else if(type == CERTIFICATE_REQUEST) @@ -541,7 +538,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, if(!state->server_finished->verify(state->keys.master_secret(), state->version, state->hash, SERVER)) throw TLS_Exception(DECRYPT_ERROR, - "Finished message didn't verify"); + "Finished message didn't verify"); delete state; state = 0; 
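Review bot: The whitespace-only changes at `-470` and `-541` in tls_client.cpp leave `"Bad signature on server key exchange"` and `"Finished message didn't verify"` without the `TLS_Client: ` prefix that every other message in this file's hunks receives, and because this commit also stops TLS_Exception from prepending "SSL/TLS error: " (tls_exceptn.h), those two errors now surface with no indication of their origin. Prefix them like the others: `"TLS_Client: Bad signature on server key exchange"` and `"TLS_Client: Finished message didn't verify"`. process_handshake_msg starts and ends outside these hunks.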
@@ -565,7 +562,7 @@ void TLS_Client::do_handshake() if(active && !state) break; if(!active && !state) - throw TLS_Exception(HANDSHAKE_FAILURE, "Handshake failed"); + throw TLS_Exception(HANDSHAKE_FAILURE, "TLS_Client: Handshake failed"); state_machine(); } diff --git a/src/ssl/tls_exceptn.h b/src/ssl/tls_exceptn.h index 15f52b19a..ed9d990a2 100644 --- a/src/ssl/tls_exceptn.h +++ b/src/ssl/tls_exceptn.h @@ -1,32 +1,38 @@ -/* -* SSL Exceptions -* (C) 2004-2010 Jack Lloyd +/** +* Exceptions Header File +* (C) 2004-2006 Jack Lloyd * -* Distributed under the terms of the Botan license +* Released under the terms of the Botan license */ -#ifndef BOTAN_SSL_EXCEPTION_H__ -#define BOTAN_SSL_EXCEPTION_H__ +#ifndef BOTAN_TLS_EXCEPTION_H__ +#define BOTAN_TLS_EXCEPTION_H__ -#include <botan/tls_magic.h> #include <botan/exceptn.h> +#include <botan/tls_magic.h> namespace Botan { -struct BOTAN_DLL TLS_Exception : public Exception +/** +* Exception Base Class +*/ +class BOTAN_DLL TLS_Exception : public Exception { public: - Alert_Type type() const { return alert_type; } + Alert_Type type() const throw() { return alert_type; } - TLS_Exception(Alert_Type type, const std::string& msg) : - Exception("SSL/TLS error: " + msg), alert_type(type) - {} + TLS_Exception(Alert_Type type, + const std::string& err_msg = "Unknown error") : + Exception(err_msg), alert_type(type) {} private: Alert_Type alert_type; }; -struct BOTAN_DLL Unexpected_Message : public TLS_Exception +/** +* Unexpected_Message Exception +*/ +struct Unexpected_Message : public TLS_Exception { Unexpected_Message(const std::string& err) : TLS_Exception(UNEXPECTED_MESSAGE, err) {} diff --git a/src/ssl/tls_messages.h b/src/ssl/tls_messages.h index 977dfbbc3..87bfdde05 100644 --- a/src/ssl/tls_messages.h +++ b/src/ssl/tls_messages.h 
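Review bot: `struct Unexpected_Message : public TLS_Exception` in tls_exceptn.h loses the `BOTAN_DLL` export macro the old line had while TLS_Exception keeps it; on builds where BOTAN_DLL expands to a real export attribute this presumably leaves the derived type's symbols and RTTI unexported, which can break catching it by type across the library boundary, so restore `struct BOTAN_DLL Unexpected_Message : public TLS_Exception`. The rewritten file header also regresses the copyright range from 2004-2010 to 2004-2006 and retitles the file "Exceptions Header File" with a different licence sentence, which looks like a paste from an older header; the previous "SSL Exceptions (C) 2004-2010" comment should be kept. The new `/** Exception Base Class */` comment on TLS_Exception is misleading since the class itself derives from Exception; "Base class for SSL/TLS exceptions, carrying the alert type to send" describes it. Unexpected_Message's body continues past the end of the hunk.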
@@ -9,8 +9,8 @@ #define BOTAN_TLS_MESSAGES_H__ #include <botan/tls_record.h> -#include <botan/tls_policy.h> #include <botan/handshake_hash.h> +#include <botan/tls_policy.h> #include <botan/bigint.h> #include <botan/pkcs8.h> #include <botan/x509cert.h> diff --git a/src/ssl/tls_policy.h b/src/ssl/tls_policy.h index 3e3ba9d73..081cebaea 100644 --- a/src/ssl/tls_policy.h +++ b/src/ssl/tls_policy.h @@ -8,9 +8,9 @@ #ifndef BOTAN_POLICY_H__ #define BOTAN_POLICY_H__ +#include <botan/tls_magic.h> #include <botan/x509cert.h> #include <botan/dl_group.h> -#include <botan/tls_magic.h> #include <vector> namespace Botan { diff --git a/src/ssl/tls_record.h b/src/ssl/tls_record.h index b362d3fb7..420ec7d50 100644 --- a/src/ssl/tls_record.h +++ b/src/ssl/tls_record.h @@ -9,8 +9,8 @@ #define BOTAN_RECORDS_H__ #include <botan/tls_session_key.h> -#include <botan/tls_suites.h> #include <botan/socket.h> +#include <botan/tls_suites.h> #include <botan/pipe.h> #include <vector> diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index a530d04dd..6ee4f51d2 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -7,7 +7,7 @@ #include <botan/tls_server.h> #include <botan/tls_alerts.h> -#include <botan/tls_exceptn.h> +#include <botan/tls_state.h> #include <botan/loadstor.h> #include <botan/rsa.h> #include <botan/dh.h> @@ -23,7 +23,7 @@ Version_Code choose_version(Version_Code client, Version_Code minimum) { if(client < minimum) throw TLS_Exception(PROTOCOL_VERSION, - "Client's protocol is unacceptable by policy"); + "Client version is unacceptable by policy"); if(client == SSL_V3 || client == TLS_V10) return client; @@ -458,8 +458,7 @@ void TLS_Server::do_handshake() state_machine(); if(!active && !state) - throw TLS_Exception(HANDSHAKE_FAILURE, - "TLS_Server: Handshake failed"); + throw TLS_Exception(HANDSHAKE_FAILURE, "TLS_Server: Handshake failed"); } } diff --git a/src/ssl/tls_session_key.h b/src/ssl/tls_session_key.h index f3feee86e..62e18e645 100644 
--- a/src/ssl/tls_session_key.h +++ b/src/ssl/tls_session_key.h @@ -9,7 +9,7 @@ #define BOTAN_SESSION_KEYS_H__ #include <botan/tls_suites.h> -#include <botan/tls_magic.h> +#include <botan/tls_exceptn.h> #include <botan/symkey.h> namespace Botan { diff --git a/src/ssl/tls_suites.cpp b/src/ssl/tls_suites.cpp index f5c1ceacc..1146d81d8 100644 --- a/src/ssl/tls_suites.cpp +++ b/src/ssl/tls_suites.cpp @@ -7,8 +7,9 @@ #include <botan/tls_suites.h> #include <botan/tls_exceptn.h> -#include <botan/tls_magic.h> #include <botan/parsing.h> +#include <vector> +#include <string> namespace Botan { |